computerwoche.de

Archiv

Accent Office Password Recovery recovers … guess what?

16.04.2010

A mask-based attack combines the power of a brute force attack with a directed search by testing only passwords that meet a specific pattern or mask. This assumes you have some idea what the maximum and or minimum length of the password might be.

For the brute force and mask-based attacks, Accentsoft uses a clever trick: When AOPR finds one or more compatible graphics cards, it can run its cracking algorithms on the Graphics Processor Unit (GPU). Currently, AOPR supports ATI graphics cards with Stream/OpenCL technology (the 4XXX and 5XXX families) and Nvidia graphics cards with CUDA technology (eighth generation GeForce graphics cards and later) which, the company claims, can produce passes (i.e. cracking attempts) at a rate 60 times faster than a regular CPU.

I first tested AOPR using a mask-based attack on a password protected Word 2000 document. My password was five characters long so I created a five character mask and allowed for upper- and lowercase as well as numerics, spaces and symbols, which gave AOPR 7,417,954,634 possible passwords to check. On a Dell XPS 420 (2.39GHz Core2 Quad CPU with 4GB of RAM and an Nvidia GeForce 8800 GT video card) running Windows Vista Ultimate SP2, the estimated maximum solution time with AOPR running at normal priority (you can select a higher or lower priority) was around 22 minutes. The reported password testing rate was 4,560,000 tests per second and a solution was found in about 12 minutes.

I also set up a dictionary attack using a with all of the dictionary attack options enabled except for adding of numeric characters. This resulted in 46,823,788,660 possible passwords and the performance, as reported by AOPR, was about 580,000 attempts per second with an estimated running time of just under one day (I didn't bother letting it run to completion as my password isn't in any dictionary).

Overall, this is a very good product. My biggest complaint is that even though the mask creation system works adequately, I think Accentsoft seriously oversells its usability (it's definitely designed by engineers).